History
The first deliberately slow password-based key derivation function was called "CRYPT" and was published by Robert Morris in 1978 for encrypting Unix passwords. It used an iteration count of 25, a 12-bit salt and a variant of DES as the sub-function. (DES proper was avoided in an attempt to frustrate attacks using standard DES hardware.) It also limited passwords to a maximum of eight ASCII characters. While it seemed a great advance at the time, CRYPT(3) is now considered inadequate. The iteration count, designed for the PDP-11 era, is too low, 12 bits of salt is an inconvenience but does not stop precomputed dictionary attacks, and the 8 character limit prevents the use of stronger passphrases.
Modern password-based key derivation functions, such as PBKDF2 (specified in RFC 2898), use a cryptographic hash, such as MD5 or SHA1, more salt (e.g. 64 bits) and a high iteration count (often 1000 or more). There have been proposals, such as scrypt to use algorithms that require large amounts of computer memory and other computing resources to make custom hardware attacks more difficult to mount.
In 2009, a new key strengthening algorithm, scrypt, was introduced that demands large amounts of memory to evaluate, limiting the use of custom, highly parallel hardware to speed up key testing.
Read more about this topic: Key Stretching
Famous quotes containing the word history:
“We are told that men protect us; that they are generous, even chivalric in their protection. Gentlemen, if your protectors were women, and they took all your property and your children, and paid you half as much for your work, though as well or better done than your own, would you think much of the chivalry which permitted you to sit in street-cars and picked up your pocket- handkerchief?”
—Mary B. Clay, U.S. suffragist. As quoted in History of Woman Suffrage, vol. 4, ch. 3, by Susan B. Anthony and Ida Husted Harper (1902)
“There is no history of how bad became better.”
—Henry David Thoreau (1817–1862)
“The foregoing generations beheld God and nature face to face; we, through their eyes. Why should not we also enjoy an original relation to the universe? Why should not we have a poetry and philosophy of insight and not of tradition, and a religion by revelation to us, and not the history of theirs?”
—Ralph Waldo Emerson (1803–1882)